7a73fa7ca8f7caf895aafab3d6d082259fd89601bd78c085b45754d35b034e33

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2023, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9966d3b55a424cc510cd22af8015679.bin.exe
Size

1.8MB
MD5

c9966d3b55a424cc510cd22af8015679
SHA1

40e70cecc5563bdada2a1bc067dd146fd488c75a
SHA256

7a73fa7ca8f7caf895aafab3d6d082259fd89601bd78c085b45754d35b034e33
SHA512

724a25c4e95713e9e72c7a318358a0831e334db51eb826cf610e2ce75844fee9ddabea9d1489ec520f4ed0fa6e58e3436044496aaa60163b35448503a2c8b261
SSDEEP

49152:SkQTAAdQDOTC0wakdJ+J5DGfwNMiKw6id2l9gqumWD2/+H:SaAdQckdJ+JBGfwSip659IDD

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 33 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral2/memory/2980-137-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-138-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-140-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-142-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-144-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-146-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-148-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-150-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-152-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-154-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-156-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-158-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-160-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-162-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-164-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-166-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-168-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-170-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-172-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-174-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-176-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-178-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-180-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-182-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-184-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-186-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-188-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-190-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-192-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-194-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-196-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-198-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor
behavioral2/memory/2980-200-0x0000000005220000-0x00000000054BD000-memory.dmp	net_reactor

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2980	c9966d3b55a424cc510cd22af8015679.bin.exe

C:\Users\Admin\AppData\Local\Temp\c9966d3b55a424cc510cd22af8015679.bin.exe
"C:\Users\Admin\AppData\Local\Temp\c9966d3b55a424cc510cd22af8015679.bin.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-133-0x0000000074C10000-0x00000000753C0000-memory.dmp

Filesize
7.7MB

Download
memory/2980-134-0x0000000005210000-0x0000000005220000-memory.dmp

Filesize
64KB

Download
memory/2980-135-0x0000000005210000-0x0000000005220000-memory.dmp

Filesize
64KB

Download
memory/2980-136-0x0000000005770000-0x0000000005D14000-memory.dmp

Filesize
5.6MB

Download
memory/2980-137-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-138-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-140-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-142-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-144-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-146-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-148-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-150-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-152-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-154-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-156-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-158-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-160-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-162-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-164-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-166-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-168-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-170-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-172-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-174-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-176-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-178-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-180-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-182-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-184-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-186-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-188-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-190-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-192-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-194-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-196-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-198-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-200-0x0000000005220000-0x00000000054BD000-memory.dmp

Filesize
2.6MB

Download
memory/2980-349-0x0000000074C10000-0x00000000753C0000-memory.dmp

Filesize
7.7MB

Download
memory/2980-497-0x0000000005210000-0x0000000005220000-memory.dmp

Filesize
64KB

Download
memory/2980-580-0x0000000005210000-0x0000000005220000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads